# This is mostly following
# http://taigaio.github.io/taiga-doc/dist/setup-production.html#circus-and-gunicorn
#
# It is just for dev/testing.. we're installing stuff from git/pip, etc..
#

- dnf: name={{item}} state=present
  with_items:
  - postfix

  - nginx
  - libsemanage-python
  - postgresql-server
  # Need this to use the postgresql ansible module
  - python-psycopg2

  - python3-gunicorn
  - python3-psycopg2
  - gettext

  - git
  - python3
  - python3-devel
  - python3-pip
  - redhat-rpm-config
  - gcc
  - freetype-devel
  - libxml2-devel
  - libxslt-devel
  - libjpeg-turbo-devel
  - postgresql-devel
# need this for letsencrypt cert
  - certbot
  tags: taiga

- user: name=taiga comment="Taiga System Account"
  tags: taiga

### Real quick, let's setup postfix for mail on the side.
### if we ever move this internally, we'll just use bastion.
- name: Set postfix to run on boot
  service: name=postfix state=started enabled=yes
  tags: taiga

### FIRST, there is a lot of postgres db stuff to setup ###
- name: Initialize postgres if necessary
  command: /usr/bin/postgresql-setup initdb
           creates=/var/lib/pgsql/data/base
  notify: restart postgresql
  tags: taiga

- name: Add our postgres config file.
  copy: >
    src=pg_hba.conf
    dest=/var/lib/pgsql/data/pg_hba.conf
    owner=postgres
  notify: restart postgresql
  tags: taiga

# No need to let postgres talk to the world, right?
#- name: Let postgresql listen to '*'
#  command: sed -i -e "s|#listen_addresses = 'localhost'|listen_addresses = '*'|" /var/lib/pgsql/data/postgresql.conf
#  notify: restart postgresql
#  tags: taiga

- name: Ensure postgres has a place to backup to
  file: dest=/backups state=directory owner=postgres
  tags: taiga

- name: Copy over backup scriplet
  copy: src=backup-database dest=/usr/local/bin/backup-database mode=0755
  tags: taiga

- name: Set up some cronjobs to backup databases as configured
  template: >
    src=cron-backup-database
    dest=/etc/cron.d/cron-backup-database-{{ item }}
  with_items:
  - taiga
  tags: taiga

- name: Set postgresql-server to run on boot
  service: name=postgresql state=started enabled=yes
  tags: taiga

# Make sure we have db users
- postgresql_user: name=taiga
  # password={{ taiga_db_pass }}
  tags: taiga

- postgresql_db: name=taiga owner=taiga encoding=UTF-8
  tags: taiga
### DONE with db stuff

### NEXT, Install our plugin for the backend first
- command: sudo -u taiga git clone https://github.com/fedora-infra/taiga-contrib-fas-openid-auth.git
           chdir=/home/taiga/
           creates=/home/taiga/taiga-contrib-fas-openid-auth
  tags: taiga

- command: python3 setup.py develop
           chdir=/home/taiga/taiga-contrib-fas-openid-auth/back
  tags: taiga
### DONE with our plugin

### THEN, setup taiga-back from git
- name: copy systemd service file in for taiga
  copy: src=taiga-back.service dest=/usr/lib/systemd/system/taiga-back.service
  notify: reload systemd service files
  tags: taiga

- command: sudo -u taiga git clone https://github.com/taigaio/taiga-back.git
           chdir=/home/taiga/
           creates=/home/taiga/taiga-back
  tags: taiga

- command: sudo -u taiga git checkout {{taiga_back_version}}
           chdir=/home/taiga/taiga-back
  tags: taiga

# change default admin password
- name: change admin password
  command : sudo -u taiga sed -i -e 's/\"pbkdf2_sha256.*\"/\"{{taiga_admin_pw}}\"/' /home/taiga/taiga-back/taiga/users/fixtures/initial_user.json
  tags: taiga

# settle for os unicorn
- name: remove gunicorn
  command: sudo -u taiga sed -i -e '/^gunicorn.*$/d' requirements.txt
           chdir=/home/taiga/taiga-back
  tags: taiga

- command: pip3 install -r requirements.txt
           chdir=/home/taiga/taiga-back
           creates=/usr/lib/python3.4/site-packages/django/
  tags: taiga

# make sure this is the working version of html5lib
- command: pip3 install html5lib==0.9999999
  tags: taiga


- name: copy in our taiga backend config
  template: src=local.py dest=/home/taiga/taiga-back/settings/local.py
            mode=0640 owner=taiga group=taiga
  notify: restart taiga-back
  tags: taiga

- file: dest=/home/taiga/taiga-back/locale state=directory
  tags: taiga

## TODO -- make these idempotent with creates=...
- command: sudo -u taiga python3 manage.py migrate --noinput
           chdir=/home/taiga/taiga-back
  tags: taiga
- command: sudo -u taiga python3 manage.py loaddata initial_user
           chdir=/home/taiga/taiga-back
  tags: taiga
- command: sudo -u taiga python3 manage.py loaddata initial_project_templates
           chdir=/home/taiga/taiga-back
  tags: taiga
- command: sudo -u taiga python3 manage.py loaddata initial_role
           chdir=/home/taiga/taiga-back
  tags: taiga
- command: sudo -u taiga python3 manage.py compilemessages
           chdir=/home/taiga/taiga-back
  tags: taiga
- command: sudo -u taiga python3 manage.py collectstatic --noinput
           chdir=/home/taiga/taiga-back
  tags: taiga

- name: set taiga-back to start
  service: name=taiga-back state=started enabled=yes
  tags: taiga

### DONE with taiga-back

### Getting close to the end.. setup taiga-front-dist from git
- command: sudo -u taiga git clone https://github.com/taigaio/taiga-front-dist.git
           chdir=/home/taiga/
           creates=/home/taiga/taiga-front-dist
  tags: taiga

- command: sudo -u taiga git checkout {{taiga_front_version}}
           chdir=/home/taiga/taiga-front-dist
  tags: taiga

- template:
    src=conf.json
    dest=/home/taiga/taiga-front-dist/dist/conf.json
    mode=0644 owner=taiga group=taiga
  tags: taiga

# create plugins directory - new in taiga 3.0.0
- file: dest=/home/taiga/taiga-front-dist/dist/plugins state=directory owner=taiga group=taiga
  tags: taiga

# Link our plugin pieces in place
- file: src=/home/taiga/taiga-contrib-fas-openid-auth/front/dist
        dest=/home/taiga/taiga-front-dist/dist/plugins/fas-openid-auth
        state=link
        owner=taiga
        group=taiga
  tags: taiga

### DONE with taiga-front

### letsencrypt

### script to renew certificate
- name: copy cert renew script
  copy: src=renew-cert.sh dest=/usr/local/bin/renew-cert.sh mode=0755
  tags:
  - taiga
  - cron
  - letsencrypt

### cron to renew cert
- name: install cron for cert renewal
  copy: src=cron-renew-cert dest=/etc/cron.d/cron-renew-cert
  notify: restart crond
  tags:
  - taiga
  - cron

### FINALLY, nginx to serve/proxy it all
- template: src=taiga-http.nginx dest=/etc/nginx/conf.d/taiga-http.conf
        mode=0644 owner=nginx group=nginx
  notify: restart nginx
  tags:
  - taiga
  - nginx
- template: src=taiga-ssl.nginx dest=/etc/nginx/conf.d/taiga-ssl.conf
        mode=0644 owner=nginx group=nginx
  notify: restart nginx
  tags:
  - taiga
  - nginx

# Add nginx to the taiga group so it gets rights to read all our static stuff
- user: name=nginx groups=taiga append=yes
  tags: taiga
- file: dest=/home/taiga mode=0750
  tags: taiga
- seboolean: name="{{item}}" state=true persistent=true
  with_items:
  # So we can read static content at all
  - httpd_read_user_content
  # So we can follow the symlink to our FAS plugin
  - httpd_enable_homedirs
  # So we can reverse proxy stuff locally to gunicorn
  - httpd_can_network_connect
  tags: taiga

- service: name=nginx state=started enabled=yes
  tags: taiga
